The two law enforcement agencies said CrySiS, CryptON and SamSam ransomware have all been spread through RDP attacks. CrySiS has mainly been used against U.S. businesses that have computers with open RDP ports. In these cases, attackers use brute-force and dictionary attacks to gain unauthorized remote access, then drop CrySiS onto the device and demand a ransom.
Recommendations to protect a system included:
- Enable strong passwords and account lockout policies to defend against brute-force attacks.
- Apply two-factor authentication, where possible.
- Apply system and software updates regularly.
- Maintain a good back-up strategy.
- Disable the service if unneeded or install available patches.
- Enable logging and ensure logging mechanisms capture RDP logins.
- Minimize network exposure for all control system devices. Where possible, critical devices should not have RDP enabled.
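
An added example (not from the article or the agencies' alert) of what the logging recommendation makes possible: flagging a burst of failed RDP logons from one source address and any successful logon that follows it. The event tuples are constructed sample data, and the threshold and window are assumed values to tune per environment.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs), shaped like fields exported from
# the Windows Security log: 4625 = failed logon, 4624 = successful logon,
# LogonType 10 = RemoteInteractive (RDP). IPs are documentation ranges.
SAMPLE_EVENTS = [
    ("2018-09-28T02:14:01", 4625, 10, "203.0.113.7", "administrator"),
    ("2018-09-28T02:14:03", 4625, 10, "203.0.113.7", "admin"),
    ("2018-09-28T02:14:05", 4625, 10, "203.0.113.7", "backup"),
    ("2018-09-28T02:14:08", 4625, 10, "203.0.113.7", "backup"),
    ("2018-09-28T02:14:11", 4625, 10, "203.0.113.7", "backup"),
    ("2018-09-28T02:14:15", 4624, 10, "203.0.113.7", "backup"),
    ("2018-09-28T08:59:40", 4625, 10, "198.51.100.20", "jsmith"),
    ("2018-09-28T09:00:02", 4624, 10, "198.51.100.20", "jsmith"),
]

RDP_LOGON_TYPE = 10


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Alert on source IPs with >= threshold failed RDP logons inside a sliding
    window, and record any successful RDP logon from that IP after the alert."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    alerts = {}                    # source IP -> alert record
    for ts, event_id, logon_type, ip, user in sorted(events):
        if logon_type != RDP_LOGON_TYPE:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == 4625:
            recent = failures[ip]
            recent.append(when)
            while when - recent[0] > window:  # drop failures outside the window
                recent.popleft()
            if len(recent) >= threshold and ip not in alerts:
                alerts[ip] = {"source_ip": ip, "first_alert": ts,
                              "logons_after_alert": []}
        elif event_id == 4624 and ip in alerts:
            # A success right after a failure burst suggests a guessed password.
            alerts[ip]["logons_after_alert"].append(user)
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

A non-empty `logons_after_alert` list is the case to triage first, since it pairs a failure burst with a working credential.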
https://www.scmagazine.com/home/news/rdp-attacks-on-the-rise-warns-fbi-dhs/